What we will do?

Based on our scenario, we assume that an application has been protected with Basic Authentication configured in Apache. We will implement Basic Authentication backed by LDAP and configure Apache to use the LDAP server for authentication.

As in all our previous cases, we need to create a separate group for managing access to the application. Refer to the diagram below to understand what needs to be created.

We have everything ready on the LDAP server side. Next we will configure Apache's Basic Authentication to point to LDAP.

Enable authnz_ldap module

As a first step, on the server where Apache runs, enable the authnz_ldap module (on Debian/Ubuntu this also enables the ldap module it depends on):

a2enmod authnz_ldap

Restart the Apache server after enabling the module:

systemctl restart apache2.service

Update cert path in apache ldap.conf

Since we have enforced TLS for connections on the LDAP server, we need to update Apache's LDAP config to point to the CA certificate so that the server certificate can be verified. Copy the cacert.pem generated in this section to the server where Apache is running.

Assuming the cert is placed at ‘/etc/ldap/certs/cacert.pem’, we will reference it in Apache’s ldap.conf file.

Open the file ‘/etc/apache2/mods-enabled/ldap.conf’ in vi and add the line below. Note that LDAPTrustedGlobalCert is only valid in the main server configuration, not inside a VirtualHost or Directory block, which is why it belongs in ldap.conf rather than in the site config.

LDAPTrustedGlobalCert CA_BASE64 /etc/ldap/certs/cacert.pem

Save the file and reload Apache:

systemctl reload apache2.service

Update Basic Auth to point to LDAP

Update the virtual host for which you have configured Basic Authentication. For example,
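The following is an added example of such a virtual host block, not configuration from the original page. The host name ldap.example.com, the base DN dc=example,dc=com, the webapp-users group and the apache-bind service account are placeholders; it assumes a posixGroup (memberUid) access group like the one created on the LDAP server side.

```apacheconf
# Added example (not from the original page). All names below are placeholders.
<VirtualHost *:443>
    ServerName app.example.com
    DocumentRoot /var/www/app

    <Location "/">
        AuthType Basic
        AuthName "Restricted application"
        AuthBasicProvider ldap

        # ldaps:// so the user's password never crosses the network in clear
        # text; the server certificate is checked against the CA configured
        # with LDAPTrustedGlobalCert in /etc/apache2/mods-enabled/ldap.conf.
        # Search under ou=people by uid; only inetOrgPerson entries can log in.
        AuthLDAPURL "ldaps://ldap.example.com/ou=people,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)"

        # Read-only service account used for the user lookup. Keep this file
        # readable by root and the Apache user only, or use
        # AuthLDAPBindPassword exec:/path/to/script to fetch it at startup.
        AuthLDAPBindDN "cn=apache-bind,ou=services,dc=example,dc=com"
        AuthLDAPBindPassword "PLACEHOLDER-CHANGE-ME"

        # Weak setting (left commented out): any account in the directory
        # would be allowed in, not just members of the application's group.
        # Require valid-user

        # Corrected setting: restrict access to the dedicated group.
        # posixGroup stores user names in memberUid, not DNs, so tell
        # mod_authnz_ldap to compare the bare uid against that attribute.
        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN off
        Require ldap-group cn=webapp-users,ou=groups,dc=example,dc=com
    </Location>
</VirtualHost>
```

Run apachectl configtest before reloading; a typo in AuthLDAPURL or a missing LDAPTrustedGlobalCert shows up there or in the Apache error log as an LDAP bind or certificate verification failure rather than as a silent fallback to open access.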